authentication
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides comprehensive and secure implementation patterns for authentication flows. It adheres to industry standards such as using bcrypt/argon2 for password hashing, short-lived JWTs, and secure HTTP-only cookie configurations.\n- [CREDENTIALS_UNSAFE]: No hardcoded secrets or credentials were found. The code snippets correctly utilize environment variables for sensitive information like JWT secrets and session secrets.\n- [REMOTE_CODE_EXECUTION]: No remote code execution patterns, dynamic code evaluation (eval/exec), or unsafe deserialization risks were identified.\n- [EXTERNAL_DOWNLOADS]: The skill references reputable and well-known libraries for its functionality, including bcrypt, jsonwebtoken, jose, otplib, and Upstash packages. These are standard in the industry and do not represent a security risk in this context.
Audit Metadata